On the heals of a Bloomberg News report alleging that the Russians had infiltrated voter registration systems in 39 states, the US Senate Select Committee on Intelligence heard testimony from cybersecurity experts and national security officials about past and ongoing threats of cyberattacks on the American voting system. Also this week, Time Magazine reported that the hacking of state and local election databases in 2016 was more extensive than previously reported, including at least one successful attempt to alter voter information, and the theft of thousands of voter records that contain private information like partial Social Security numbers.
One of the Senate Committee witness, University of Michigan computer scientist J. Alex Halderman contributed an oped to the Washington Post describing the severity of the threats and advocating the replacement of direct recording electronic voting equipment with paper ballot systems and routine risk-limiting post election audits of all elections. Verified Voting echoed these concerns and recommendation in commentary submitted to the Senate Committee following the hearing.
A McClatchy article described how state and local election officials, concerned about impacting voter confidence, habitually downplay the vulnerability of voting equipment and processes. Commenting on revelations last week that voter registration technology vendor VR Systems has been the victim of cyberattacks, Verified Voting’s Susan Greenhalgh commented “[i]f attackers wanted to impact an election through an attack on a vendor like VR Systems, they could manipulate or delete voter records impacting a voter’s ability to cast a regular ballot. Or, they could cause the E-Pollbooks (electronic databases of voters) to malfunction, hampering the check-in process and creating long lines.”
This week it was also revealed that a data marketing firm contracted by the Republican National Committee had left personal data gathered on more than 198 million Americans, i.e. 61% of the population, exposed on the internet for almost two weeks earlier this month. UpGuard cyber risk analyst Chris Vickery discovered more than a terabyte of data from Deep Root Analytics, a conservative data firm that identifies audiences for political ads, stored on a cloud server without the protection of a password and therefore accessible by anyone who found the URL.
Following the most expensive congressional election in American history, voters went to the polls in a special election run-off Tuesday in Georgia’s 6th Congressional District amid controversy over the state’s unauditable voting equipment. Even without considering reports of multiple cyberattacks on Kennesaw State University’s Election Center, where all of Georgia’s voting machines are programmed and the state’s voter data is maintained, the concern in Georgia is not necessarily associated with any specific hacking threat. Rather as noted by Verified Voting President Pamela Smith “You have an un-provable system. It might be right, it might not be right, and that absence of authoritative confirmation is the biggest problem. It’s corrosive.”
Responding the a ruling by the Maine Supreme Judicial Court that a voter-passed initiative requiring a statewide ranked choice voting system was constitutional, the state senate gave initial approval to a bill that would amend the Maine Constitution to resolve the issues with the initiative. If the constitutional amendment receives the approval of two-thirds of the Legislature it will be placed before the voters. Facing pressure for contradicting the will of the voters, legislators earlier in the week had tabled a bill that would have repealed the original ballot initiative.
The U.S. Supreme Court declined to take up an Ohio voting rights case on a technical challenge to the state’s right to reject a voter registration application on the basis of an error or omission unrelated to the voter’s qualifications. On the same day the court agreed to hear a case that found Wisconsin Republicans overreached in 2011 by drawing legislative districts that were so favorable to them that they violated the U.S. Constitution. In the same ruling, the justices issued a stay that blocked a lower court ruling that the state develop new maps by Nov. 1. The case is being watched nationally because it will likely resolve whether maps of lawmakers’ districts can be so one-sided that they violate the constitutional rights of voters. The question has eluded courts for decades.
In Texas, U.S. District Judge Nelva Gonzales Ramos gave lawyers two weeks to file legal briefs in a case challenging the state’s vote ID requirement, with a final round of response briefs due July 17. Ramos also said she wants to receive arguments about whether Texas should be placed under pre-clearance — meaning the U.S. Justice Department would have to approve changes to voting laws or practices in the state to ensure compliance with the Voting Rights Act.
In spite of news of the exposure of voter data by Deep Root Analytics, Canadian Democratic Institutions Minister Karina Gould says it’s not the time to implement basic privacy and security rules for political parties’ collection of Canadians’ personal data. There are virtually no rules governing how Canada’s political parties collect, store and use information about individual voters gleaned from door-to-door outreach efforts, e-mail campaigns and Elections Canada data.
Voters in Papua New Guinea began a two voting period yesterday with election officials and government authorities calling for calm. Historically, tensions during polling, vote counting and the announcement of winners in PNG has erupted into widespread violence.